1. Field of the Invention
The present invention relates to cryptographic authentication in electronic commerce. More specifically, the present invention relates to the use of cryptographic authentication to provide security to transactions in electronic commerce.
2. Description of the Related Art
With the continued increase in commercial and other transactions taking place across linked computer systems, it has become desirable to secure these transactions and the information related to them. One form of security is to prevent access to systems which perform certain functions, for instance by requiring a password or PIN in order to use an ATM. Another form of security is to protect data from being intercepted and used by anyone other than the intended recipients, for instance when sending a credit card number electronically. Another form of security involves allowing someone to undeniably sign a document or otherwise assent to a transaction electronically.
All of these functions are related to the concept of authentication, or proof of identity. Authentication of electronic transactions, particularly those carried out across networks or other physically distributed systems, is generally carried out using cryptographic techniques and protocols. Cryptography is the scrambling of information in such a way that it can be unscrambled only by someone who holds the appropriate unscrambling key. By exchanging messages which can be decrypted only by those with access to the proper key, cryptographic protocols can be used as a means to authenticate individuals.
However, different authentication techniques have differing levels of both reliability and ease of use. Generally, those techniques which are simpler and less cumbersome to use also provide less assurance that the individual is authenticated correctly. Passwords are an example of such a simple technique. It is easy to enter a password to prove who you are; however, it is also easy for someone else to overhear your password and use it to attempt to prove that he is you.
Stronger techniques may involve control over particular tokens, such as a particular smart card, or may make use of biometric identifiers, such as fingerprint analysis or retinal scanning. However, such techniques may require specialized hardware or require that the user carry a particular item at all times.
While some transactions are sufficiently authenticated by simple, unreliable authentication techniques, for other transactions it may be desirable to require a high degree of confidence in the authentication before allowing the transaction. For instance, transactions which have a large economic value, such as a supply contract, or which carry a high risk for false authentication, such as logging on to a military computer, may require high security authentication.
Therefore, there is a continued need for improved systems that provide users and vendors with levels of security in authentication appropriate to the transactions being carried out while improving the ease of use of such authentication for common tasks.